CAS User Privilege and Permissions | Fujitsu IRMC S2/S3 manual

User Management

Permissions retrieved via LDAP

The authorization profile defined in the LDAP directory service applies to the user.

IThe Permissions retrieved via LDAP option is only available, if LDAP is enabled (see option "LDAP Enabled" on page 274).

CAS User Privilege and Permissions

The CAS User Privilege and Permissions group allows you to define the

iRMC S2/S3 privilege and permissions a user is granted if they are logged in at the iRMC S2/S3 via SSO.

IThe CAS User Privilege and Permissions group is not displayed if you have selected Permissions retrieved via LDAP under Permissions assigned from in the CAS Generic Configuration group.

Figure 174: CAS User Privilege and Permissions

Privilege

Assign a privilege group to the user here:

–User

–Operator

–Administrator

–OEM

Refer to section "User permissions" on page 68 for information on the permissions associated with the privilege groups.

In addition to the IPMI specific permissions, you can also individually assign users the following channel-independent permissions:

Configure User Accounts

Permission to configure local user access data.

290	iRMC S2/S3

Image 290

Fujitsu IRMC S2/S3 manual CAS User Privilege and Permissions, Assign a privilege group to the user here

Contents

User Guide English Edition July Certified documentation according to DIN EN ISO Comments… Suggestions… Corrections…Copyright and Trademarks Contents Contents Configuring and using the serial interface IRMC S2/S3 Menus of the AVR window Structure of the user interface System Event Log and Internal Event Log Remote Storage 354 Appendix Ipmi OEM Commands supported by the iRMC S2/S3 Preface Purpose and target groups of the manual ServicePurpose and target groups of the manual Other information Functions of the iRMC S2/S3 Power managementFunctions of the iRMC S2/S3 overview Standard functions of the iRMC S2/S3 Functions of the iRMC S2/S3 LAN DNS / Dhcp Extended functionality of the iRMC S2/S3 CD ROM DVD ROM IRMC S2/S3 provides the following communication interfaces Communication interfaces of the iRMC S2/S3Communication interfaces of the iRMC S2/S3 IRMC S2/S3 web interface web interface Communication protocols used by the iRMC S2/S3 Communication protocols used by the iRMC S2/S3 Intelligent Platform Management Ipmi technical backgroundIpmi technical background Objective Ipmi technical background Advantage Ipmi and other management standardsPage Ipmi technical background Ipmi technical background IPMI-over-LAN Serial Over LAN interface SOL BMC and LAN controller Channel concept under Ipmi BMC and SOL References Dcmi Data Center Management InterfaceData Center Management Interface Dcmi User identifications Changes since the previous versions of the manual Changes compared with the previous version Power Consumption Options iRMC S3 only Changes compared with the previous version Access to the link collection ServerView Suite link collection Documentation for ServerView Suite Documentation for the ServerView Suite VWarning Notational conventionsNotational conventions Notational conventions Your network RequirementsOn the remote workstation Default administrator ID IRMC S2/S3 factory defaultsIRMC S2/S3 factory defaults Default Dhcp name of the iRMC S2/S3 Logging into the iRMC S2/S3 web interface Logging into the iRMC S2/S3 web interfacePage Configuring the LAN interface of the iRMC S2/S3 Following tools are available for configuring the iRMC S2/S3 Connected to the correct LAN port? Configuring the LAN interface of the iRMC S2/S3Prerequisites Configuring the LAN interface Configuration tools Access from a different subnet Configuring the LAN interface of the iRMC S2/S3 Configure the following settings Set the value to Enabled IRMC LAN Parameters Configuration Menu IRMC S2/S3 You can test the LAN interface as follows Testing the LAN interfaceTest the connection to the iRMC S2/S3 with a ping command Configuring text console redirection via LAN Call the Peripheral Configuration menu Configuring text console redirection for the iRMC S2Settings in the Peripheral Configuration menu Accept the first value pair proposed Set the value to Serial Specify the baud rate Console redirection is terminated after the Bios Post phase Set the value to On-board COM a Exiting the Bios / TrustedCore setup utility Set the value to iRMCS3 Configuring text console redirection for the iRMC S3Make the following settings Save your settings and exit the Uefi setup utility Make the following settings in the Console Redirection menuExiting the Uefi setup utility DOS Windows Server 2003 Settings may differ between program versions Configuring text console redirection via LAN LinuxSettings required Add the following line to the end of the file /etc/inittab Configuring and using the serial interface of the iRMC S2/S3 Configuring the serial interface of the iRMC S2 Data bits Parity None Stop bits Flow Control Configuring the serial interface using of the iRMC S3 Serial Port On the managed server Using the Remote Manager Serial interfacePrerequisites Set the value to Configuring ports and network services Configuring the LAN parametersConfiguring the LAN settings Configuring DHCP/DNS Dynamic DNS Configuring alert forwarding over Snmp Configuring alertingConfiguring text console redirection Configuring email notification email alerting User management for the iRMC S2/S3 User management concept for the iRMC S2/S3 Concept Concept User permissions User permissions Video Redirection Enabled Configure User AccountsConfigure iRMC S2/S3 Settings Remote Storage Enabled Local user management for the iRMC S2/S3 Local user management using the iRMC S2/S3 web interfaceShowing the list of configured users Local user management for the iRMC S2/S3 Deleting users Local user management via the Server Configuration ManagerModifying the configuration of a user Prerequisite SSHv2 public key authentication for iRMC S2/S3 users Public key authentication Creating the public and private SSHv2 keys with PuTTYgen Bild 21 PuTTYgen Creating a new key pair progress bar Proceed as follows Local user management for the iRMC S2/S3 IRMC S2/S3 Click Upload to load the public key onto the iRMC S2/S3 Bild 25 PuTTY Selecting and loading an SSH session Bild 26 PuTTY Loading an SSH session IPlease note Local user management for the iRMC S2/S3 User Public SSHv2 key in OpenSSH format Example Public SSHv2 keyPublic SSHv2 key in RFC4716 format Advanced Video Redirection AVR Resolution Refresh rates Maximum Color depth Bits Requirements Check the AVR settingsGraphics mode settings on the managed server Prerequisites Supported text mode Keyboard settings Using AVR Using AVR Using a low bandwidth Parallel AVR sessions Local Monitor Off function Local monitor is on, but can be switched offLocal monitor is off, but can be switched on Integrated special keys Redirecting the keyboardSpecial key combinations Left Ctrl key corresponds to the Ctrl key on your keyboard Caps lock corresponds to the Caps Lock key on your keyboard Virtual keyboard Synchronizing the mouse pointer Using AVR Secure KeyboardRedirecting the mouse Using AVR Proceed as follows Open a DOS prompt window This opens the following window Proceed as follows to adjust the mouse pointer ChooseClick the OK button to save the settings Set the Pointer Speed to a medium value Properties ... Troubleshooting Hardware acceleration KDE You make permanent settings as follows for KDE Mouse Control Center window IRMC S2/S3 Set the following values in the Mouse Control Center window 101 Menus of the AVR windowMenus of the AVR window Virtual Keyboard window opens see on Extras menuYou can select the following functions in the Extras menu Refreshes the display of the local monitor state Refreshes the AVR window 103 Terminate your own AVR session 104 Terminate another AVR sessionList of current AVR sessions appears Remote Storage menu 105 Power Control menu Switches the server on Languages menu 107 Default setting Absolute Mode 108 Preferences menu Bpp color depth 256 colors Default No lower bandwidthBpp color depth 8 colors 109Page Remote Storage 111 IRMC S2/S3 113 Providing remote storage at the remote workstationProviding remote storage at the remote workstation Starting Remote Storage This opens the AVR window Menu bar in the AVR window, choose 115 Storage Devices dialog box Storage Devices dialog box Provision of storage media for emote Storage 117 118 Add Storage Device dialog Selecting the storage medium 119 120 Connecting storage media as remote storage 121 122 123 Connection Type dialog Assignment to USB 1.1 and USB 125 Clearing Remote Storage connectionsClick Disconnect to clear all Remote Storage connections Removing the storage medium Storage Devices dialog Removing a Remote Storage medium Providing remote storage via a Remote Storage server Booting from WinPE 2.x-based ISO imagesProviding remote storage via a Remote Storage server Remote Storage server is available for Windows systems Installing the Remote Storage server 129 Executing the Remote Storage server as a serviceRemote Storage server execution modes 130 Configuring, starting and exiting the Remote Storage serverCalling the Remote Storage server’s raphical user interface 131 Click the Apply button to activate your settings 132 Exiting the Remote Storage server 133 134 IRMC S2/S3 web interface 135 Logging into the iRMC S2/S3 web interface User configuration details on 137 138 Required user permissionsRequired user permissions 139 Set firmware selector 140 141 Open/edit the Email Alerting Open/edit the iRMC S2/S3 User 142 IRMC S2/S3 web interface is structured as follows Structure of the user interfaceStructure of the user interface 143 Navigation area 144 145 System Information Information on the server 146 System Overview General information on the server 147 System Information Information on the server System Status Informs about the server‘s Global Error LEDInforms about the server’s CSS Customer Self Service LED 148 Asset Tag Configuration 149 System Information lists information on the managed server Operating System Information 151 Current Overall Power ConsumptionThis option is not supported for all Primergy servers 152 System CPU Information 153 Applies the selected action to the selected memory modules Cancels your selectionSelects all memory modules 154 Bios entry contains the links to the following pages Bios Backing up/restore Bios settings, flashing BiosBios Backing up/restore Bios settings, flashing Bios 155 Edit Filename Request Bios Parameter Backup 157 Apply Bios Updating Bios via upload from file or via 159 Updating Bios Tftp download successfully finished Bios Information 161 File in which the Bios image is stored Bios Update Settings page Bios Update from File Vcaution 163 IRMC S2/S3 entry contains the links to the following pages IRMC S2/S3 Information, firmware and certificatesIRMC S2/S3 Information, firmware and certificates 164 IRMC S2/S3 Information Information on the iRMC S2/S3 165 Active Session Information 166 167 You can purchase the license keyMiscellaneous iRMC S2/S3 Options Temperature Units 169 Save iRMC S2/S3 Firmware Settings Save firmware settingsAlways save the setting using Click Save All to save all the settings 170 Save iRMC S2/S3 firmware settingsClick Save to save the selected settings 171 IRMC S2/S3 Information, firmware and certificates 173 Certificate Upload IRMC S2/S3 174 175 Loading a CA certificate from a local file You do this using the group 177 Entering the DSA/RSA certificate/private Dsarsa key directly 179 Generate a self-signed RSA Certificate IRMC S2/S3 No explicit reset of the iRMC S2/S3 is required 180 Certificate Creation IRMC S2/S3 Firmware Update 181 Low firmware image is selected Most recently updated firmware image is selectedLeast recently updated firmware image is selected High firmware image is selected High firmware image firmware image 2 is selected Inactive firmware is automatically selectedLow firmware image firmware image 1 is selected 183 IRMC S2/S3 Tftp Settings Updates the runtime firmwareUpdates the SDR record 185 186 Power ManagementPower Management 187 Power On/Off power the server up/downPower Status Summary Power Management Boot Options Power Management Boot Options Power On/Off page, Restart server is powered up 189 Graceful Power Off Shutdown Power Options Configuring power management for the server 191 Server always remains powered down after a power outage Server is always powered up again after a power outage Power Options page, Power On/Off Time IRMC S2/S3 193 Power Management Watt Technology Please note 194 ASR&R 195 Power Options page, 0 Watt Technology Administration window Defines the beginning hhmm of the time interval 196 197 Power Supply Info 198 199 Power ConsumptionPower Consumption Power Limit Options group is also displayed see 200 Power Consumption Configuration 201 Power Consumption Power Consumption OptionsUnit of electrical power used to display power consumption Scheduled Power Consumption Configuration Power Consumption Configuration page scheduled 203 Power Limit Options Maximum power consumption in Watts 204 205 Shut down the system gracefully and power it downNo action is performed Current Power Consumption Show the current power consumption 206 Power Consumption History Show server power consumption 207 Power Consumption Current Power Consumption Power History Options 209 Power History Chart 210 Value range Sensors Check status of the sensorsSensors Check status of the sensors Risk of loss of data integrity 212 Fans Check fansFans page provides information on fans and their status 213 Sensors Check status of the sensors Fan Test Test fansSelects all fans Sensors Check status of the sensors Temperature Report the temperature of the server components 215 Selects all temperature sensors Voltages Report voltage sensor information 217 Power Supply Check power supply 218 This functionality is not available with all servers 219 Component Status Check status of the server components 220 221 Status display for individual HDDs IRMC S2/S3 Sensors Check status of the sensors 223 System Event Log and Internal Event LogSystem Event Log and Internal Event Log System Event Log Content 224 System Event Log Content page, System Event Log Information 225 Show Resolutions InternalEvent Log Content IRMC S2/S3 227 Clear Internal Event Log 229 Event Log Configuration 230 Event log is organized as a ring buffer 231 Helpdesk Information Helpdesk Information 233 Server Management Information IRMC S2/S3 Enables/disables the Bios recovery flash bit Retry counter 0 Max 235 Server Management Information page, Watchdog Options Server management software triggers a system reset 237 Server Management Information HP SIM Integration Options 238 Network Settings Configure the LAN parametersNetwork Settings Configure the LAN parameters 239 Network Interface IRMC S2/S3 Network Interface Settings MAC address of the iRMC S2/S3 is displayed here Subnet mask of the iRMC S2/S3 in the LAN IPv4 configurationIPv4 address of the default gateway in the LAN 241 IPv6 configuration This option is disabled by default Vlan Configuration Max TCP Segment Lifetime Ports and Network Services 245 Session Timeout 246 Ports for text-based access 247 Remote Storage Ports Network Settings Configure the LAN parameters VNC portsClick Apply to store the configured settings 248 DNS Configuration Configuring DNS for the iRMC S2/S3 249 Number of DNS retries Network Settings Configure the LAN parameters DNS SettingsEnables/disables DNS for the iRMC S2/S3 251 Network Settings Configure the LAN parameters DNS NameEnables/disables update of DNS records via Dynamic DNS Name extension for the iRMC S2/S3 253 Alerting Configure alertingAlerting Configure alerting Snmp Trap Alerting Configure Snmp trap alerting Snmp Trap Alerting This entry will depend on the type of connection you have Serial / Modem Alerting Configure alerting via modemEnables or disables serial / modem alerting 255 DoCoMo Enter the name of the SMS serverEnter the name of the mobile phone You can choose between 80 or 140 as the maximum length Email Alerting Configure email alerting 257 Time in seconds between Smtp retries Activate this optionNumber of Smtp retries Password for authentication on the mail server No authentication for the connectionUser name for authentication on the mail server Smtp port of the mail server Email Alerting page Secondary Smtp Server Configuration Some entry fields are disabled depending on the mail format 261 Admin Name User Management User ManagementIRMC S2/S3 User local user management on the iRMC S2/S3 263 Delete You can see the configuration of a user with the name User3 265 User Management User name Configuration 266 Confirm the password by entering it again here Disable this option to lock the userEnter the user password Enter a general description of the configured user here Permission to use the Remote Storage functionality 268 Permission to configure local user access dataAssign a privilege group for a LAN channel to the user here User SSHv2 public key upload from file 269 Following email formats are available 270 271 Errors sending email are recorded in the event logEmail address of recipient Notification function is deactivated for this paging group 273 Ldap Enabled 275 IRMC S2/S3 Secure Ldap port of the Backup Ldap server IP address or DSN name of the Backup Ldap serverLdap port of the Backup Ldap server Ldap directory server that is to be used User name the iRMC S2/S3 uses to log onto the Ldap server Complete DNS path name of the directory serverBase DN is automatically derived from Domain Name Enables global email alerting 279 IRMC S2/S3 281 User Search Context Repeat the password you entered under Ldap Auth Password 283 Enhanced User Login 284 285 Centralized Authentication Service CAS Configuration 286 User Management CAS Generic Configuration 287 Always Display Login Login URL of the CAS service Port of the CAS service Default port numberDNS name of the CAS service Logout URL of the CAS service Assign a privilege group to the user here Permission to configure local user access data 290CAS User Privilege and Permissions 291 Following pages are available for console redirection Console Redirection Redirecting the consoleConsole Redirection Redirecting the console 292 Console Redirection Mode 293 Flow control is handled by the software Following settings are possibleFlow control is disabled Flow control is handled by the hardware 295 Start text console redirection via Serial over LAN SOL Power management and text console redirection Login window 296 297 Console Redirection Redirecting the console To close the connection to the console, click Leave Console 299 Windows Server 2003 SAC console 301 Console Redirection Redirecting the console 303 Advanced Video Redirection IRMC S2/S3 View Screenshot Takes a new video screenshot This function is not supported for all Primergy servers 305 No USB port will be disabled 306 Parallel AVR sessions 307 You start AVR under Video Redirection 308 AVR window full-control mode 309 AVR window with two active AVR sessions AVR window when the server is powered down IRMC S2/S3 311 Remote Storage Remote Storage Remote Storage Connection Status 313 Remote Storage Server Requirements on the managed server Operating iRMC S2/S3 via Telnet / SSH Remote ManagerOperating iRMC S2/S3 via Telnet / SSH Remote Manager 315 316 Establishing an SSH connection to the iRMC S2/S3 317 SSH connection Logging in to the Remote Manager Remote Manager login window is displayed Telnet connection Logging in to the Remote Manager Closing a Telnet / SSH connection 319 320 IRMC S2/S3 via Telnet/SSH Remote Manager 321 Requirements on the managed server 323 Operating Remote ManagerOperating Remote Manager System Information Overview of menusOverview of menus Enclosure Information Service Processor 325 326 LoggingLogging 327 Remote Manager Main menu window without system information Main menu of the Remote Manager Main menu of the Remote Manager Change the password Configure the iRMC S2/S3iRMCS2/S3 e.g. update firmware or Start a command line shell 330 331 System Information Information on the managed server Change the passwordChange the password 333 System Information Information on the managed serverSets a customer-specific asset tag for the managed server Graceful shutdown and power off Powers the server down completely and thenPowers it up again after a configured period Agents are installed and signed onto 335 Remote Manager Enclosure Information menu IRMC S2/S3 Housing are open Display information on the temperature sensorsDisplay information on the power supplies and their Primergy diagnostic LED Enclosure Information System Eventlog Clear the contents of the internal event log Enclosure Information Internal Eventlog Display the IP settings Configure the IPv4 / IPv6 address settingsFor details in the individual settings Switch the Primergy identification LED on/off Start a Command Line shell... Start a Smash CLP shell Console Redirection EMS/SAC Start text console redirection Show and change the logging run state Show the console log in fast modeContinuous mode For a more detailed description, see Console Logging Console Logging Run State Menu Smash CLP syntax Command Line Protocol CLPCommand Line Protocol CLP 343 Command Line Protocol CLP An overview of the CLP command hierarchy is shown in on Command Line Protocol CLP User data in the CLP overviewHierarchy of the CLP commands 345 346 Requirements 347 Configuring via Server Configuration Manager 348 Applying settings 349 350 Operations Manager Start window 351 Configuring via Server Configuration Manager Firmware update 353 Active and passive firmware image IRMC S2/S3 firmware overviewIRMC S2/S3 firmware overview 355 Structure of the iRMC S2/S3 Eeprom IRMC S2/S3 firmware overview Firmware selector Proceed as follows Setting up the USB memory stickSetting up the USB memory stick Connect the USB memory stick to your computer Setting up the USB memory stick 359 Updating firmware images Update via the iRMC S2/S3 web interfaceUpdating firmware images Downgrading the firmware to the previous version Update using the ServerView Update Manager 361 Online update using ServerView Update Manager Express or ASP When downgrading the firmware, please note Update using the operating system flash tools 363 Updating firmware images Proceed as follows 365 Update via the lashDisk menuFirmware downgrade is only possible via recovery flash Readme file is opened An iRMC S2/S3 warm start is performed 367 Emergency flashEmergency flash Syntax Flash toolsFlash tools Options Update the inactive firmware Updates the bootloader firmwareEmulation mode for debugging purposes only Flashing operation Flash tools Return values Remote installation of the operating system via iRMC S2/S3 371 General procedure 373 Connecting a storage medium as remote storage Remote Storage connections 375 Storage Devices dialog box ServerView Suite DVD Booting from DVD 377 Choose Standard mode as the Installation Manager mode Booting from DVD Starting local deployment 379 Installing the operating system 380 381 382 Installing Linux on the managed server after configuration 383 Installing the operating system SCCI-compliant signaling commands Ipmi OEM Commands supported by the iRMC S2/S3SCCI-compliant communication commands Overview IRMC S2/S3-specific commands BIOS-specific commandF109 Get Bios Post State F115 Get CPU Info Description format Description of the Ipmi OEM commandsIpmi OEM Commands supported by the iRMC S2/S3 387 Power on Description Source 388 389 390 391 Time LSB first 393 02 06 System OS Shutdown Request and Reset02 05 System OS Shutdown Request 394 This command checks whether the agent is active02 09 Shutdown Request Cancelled 395 Attribute 396 This command returns the current firmware selector setting 397 398 399 400 BIOS-specific commands F1 09 Get Bios Post StateThis command provides information whether Bios is in Post 401 Bit System on Bit Watchdog active Agent connected Post State 402 Ipmi OEM Commands supported by the iRMC S2/S3 Signaling Notifications 404 EEPROM# 00=EEPROM 1 01=EEPROM 405 CSS and Physical LED available This command translates a given SEL entry into long text 406 407 F5 B1 Get Identify LED 408 State of Error LED 409 F5 E0 Reset ConfigSpace variables to default 410 411 IRMC S2/S3 configuration data Overview 413 Cmdseq Integer value 415 Transferring the string Hello World Transferring a password as clear readable textTransferring an encrypted password 416 Transferring the IPv4 address 417 IRMC S2/S3 419 420 Scripted configuration of the iRMC S2/S3List of Scci commands supported by the iRMC S2/S3 421 USERNAME, Password 422 423 Generating encrypted passwords with iRMCPWD.exe IRMCPWD standard command line options Creates the output file as a WinSCU Batch file Output File IRMCPWD command line output optionsDefault in Batch mode iRMCpwd.pre 425 Contents of the generated .pre file 426